According to one of these new developments, cybercriminals are taking advantage of the war by manipulating unwitting people who are looking for tools to carry out their own cyber attacks against Russian entities. A number of these tools are offered as ways to target Russian or pro-Russian websites. They have quickly proliferated across multiple social media platforms in the last few days. On some major open-source platforms, a simple search for “Ukraine” or “Russia”.
One of the main ways that we see these kinds of offers published and spread is on the Telegram encrypted messaging service, which is very popular in Eastern Europe and is heavily used by both Ukrainians and Russians. We’ve observed a lot of contact from both sides, such as links to Telegram channels associated with various groups, such as the Ukrainian IT Army. We discovered the message below while monitoring some of these spaces on a regular basis.
We discovered a tool named “Liberator” made by an organisation called disBalancer. Liberator is marketed as a DDoS attack tool against “Russian propaganda websites.” A brief look at disBalancer’s website reveals that the actor employs wording that is identical to the fraudulent message on Telegram above, promising to target Russian sites with the stated goal of “liberating” Ukraine.
The Ministry of Digital Development is expected to provide a domestic solution to handle the issuing and renewal of TLS certificates if they are revoked or expired.
The service is available to all legal businesses operating in Russia, and certificates are issued to site owners within 5 working days upon request. TLS certificates digitally bind a cryptographic key to an organization’s details, allowing web browsers to verify the domain’s legitimacy and enabling safe communication between a client computer and the destination website.
The suggestion comes as Western governments have imposed restrictions on companies like DigiCert, preventing them from doing business in Russia. Due to the checks required for private organisations and individuals, validation of Russian orders may take longer to process; however, we are able to offer all items to this country.
Finally, the researchers concluded: the news follows Cisco Talos’ revelations that opportunistic cybercriminals are taking advantage of the ongoing conflict by distributing malware posing as offensive cyber tools to unwary users looking for tools to carry out their own assaults against Russian organisations. The global interest in the war generates a large potential victim pool for threat actors, as well as an increasing number of persons interested in conducting their own offensive cyber operations.
Indicators of Compromise
f297c69795af08fd930a3d181ac78df14d79e30ba8b802666605dbc66dffd994 (Added 3/10/2022)
95[.]142.46.35 – Port 6666